58dfd8aa68
* add permissions service * start template helper * match prefixed paths * gate sidebar links * land on first page user has access to * show nav when user first logs in * clear paths when user logs out * add tests * implement feedback * show all nav items if no policy is found * update onboarding wizard * fix some unrelated tests * add support for namespaces * gate wizard * unstage package and lockfile
72 lines
2.1 KiB
JavaScript
72 lines
2.1 KiB
JavaScript
import { create } from 'ember-cli-page-object';
|
|
import { module, test } from 'qunit';
|
|
import { setupApplicationTest } from 'ember-qunit';
|
|
import authPage from 'vault/tests/pages/auth';
|
|
import logout from 'vault/tests/pages/logout';
|
|
import consoleClass from 'vault/tests/pages/components/console/ui-panel';
|
|
|
|
const consoleComponent = create(consoleClass);
|
|
|
|
const tokenWithPolicy = async function(name, policy) {
|
|
await consoleComponent.runCommands([
|
|
`write sys/policies/acl/${name} policy=${policy}`,
|
|
`write -field=client_token auth/token/create policies=${name}`,
|
|
]);
|
|
|
|
return consoleComponent.lastLogOutput;
|
|
};
|
|
|
|
module('Acceptance | cluster', function(hooks) {
|
|
setupApplicationTest(hooks);
|
|
|
|
hooks.beforeEach(async function() {
|
|
await logout.visit();
|
|
return authPage.login();
|
|
});
|
|
|
|
test('hides nav item if user does not have permission', async function(assert) {
|
|
const deny_policies_policy = `'
|
|
path "sys/policies/*" {
|
|
capabilities = ["deny"]
|
|
},
|
|
'`;
|
|
|
|
const userToken = await tokenWithPolicy('hide-policies-nav', deny_policies_policy);
|
|
await logout.visit();
|
|
await authPage.login(userToken);
|
|
|
|
assert.dom('[data-test-navbar-item=policies]').doesNotExist();
|
|
await logout.visit();
|
|
});
|
|
|
|
test('shows nav item if user does have permission', async function(assert) {
|
|
const read_secrets_policy = `'
|
|
path "cubbyhole/" {
|
|
capabilities = ["read"]
|
|
},
|
|
'`;
|
|
|
|
const userToken = await tokenWithPolicy('show-secrets-nav', read_secrets_policy);
|
|
await logout.visit();
|
|
await authPage.login(userToken);
|
|
|
|
assert.dom('[data-test-navbar-item=secrets]').exists();
|
|
await logout.visit();
|
|
});
|
|
|
|
test('nav item links to first route that user has access to', async function(assert) {
|
|
const read_rgp_policy = `'
|
|
path "sys/policies/rgp" {
|
|
capabilities = ["read"]
|
|
},
|
|
'`;
|
|
|
|
const userToken = await tokenWithPolicy('show-policies-nav', read_rgp_policy);
|
|
await logout.visit();
|
|
await authPage.login(userToken);
|
|
|
|
assert.dom('[data-test-navbar-item=policies]').hasAttribute('href', '/ui/vault/policies/rgp');
|
|
await logout.visit();
|
|
});
|
|
});
|